Hackers in China target US government Gmail accounts

Google has uncovered a series of phishing attempts targeted at US and South Korean government officials. The attacks, which appear to originate from Jinan, China, attempted to gain access to the personal Gmail accounts of hundreds of users by tricking them into sharing their passwords. Chinese political activists, military personnel and journalists were also targeted.

The attackers were attempting to monitor their victims' email accounts by changing the settings to automatically forward messages. The attempts seem to have started in February, according to a report referenced by Google that also describes how the attacks were carried out.

Victims were sent a message appearing to be from someone they know,
and the contents of the message mimicked the familiar Gmail interface
for downloading attachments. These links actually lead to a fake Gmail
login page, prompting the victim to enter their password and give the
attacker access to their account.

One example email, titled "Fw:Draft US-China Joint Statement"
contains the message "This is the latest version of State's joint
statement. My understanding is that State put in placeholder econ
language and am happy to have us fill in but in their rush to get a
cleared version from the WH, they sent the attached to Mike." followed
by what appears to be an attached Word document called "Joint Statement -
U S draft_KC edits.doc".

Google has notified the victims of the attack and secured their
accounts, while also alerting the relevant government authorities.

The Chinese government has denied any involvement in the attacks.
"Blaming these misdeeds on China is unacceptable," said Chinese foreign
ministry spokesman Hong Lei at a news briefing this morning. "Hacking
is an international problem and China is also a victim. The claims of
so-called support for hacking are completely unfounded and have ulterior
motives," he said.

The hacking discovery comes just as both the US and UK governments ramp up their cyber-defences and their cyberwar rhetoric. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said one Pentagon official.